Adobe Patches Shockwave Player Flaws

A critical update for Adobe's Shockwave Player addresses several security vulnerabilities, most of which leave users open to having their systems hijacked.

Adobe Systems patched 20 bugs in its Shockwave Player in a critical update
Aug. 24.
The vulnerabilities were "identified in Adobe Shockwave Player
11.5.7.609 and earlier versions [running] on Windows and Macintosh
systems," the company said. Almost all of the bugs are memory corruption
issues that, if triggered, could allow an attacker to execute code. According
to Adobe, none of the issues are currently being exploited in the wild.

The collection of vulnerabilities also includes some denial-of-service
issues.

So far in August, Adobe has released updates for Adobe Flash Player,
ColdFusion and Flash Media Server. The company also pushed out
an emergency fix for Adobe Reader to plug a security hole revealed at the Black
Hat conference in July.
In an effort to improve security, Adobe recently announced plans to add sandboxing
technology to Adobe Reader.